Web application penetration testing professional - WAPTP v3.1
INTRODUCTION
About course (2:47)
BE PREPARED
Web attack simulation Lab (11:38)
WEB APPLICATION TECHNOLOGIES 101
Web application technologies 101 - PDF
HTTP Protocol Basics (10:48)
Encoding Schemes (13:07)
Same Origin Policy - SOP (6:18)
HTTP Cookies (10:59)
Cross-origin resource sharing (4:53)
Web application proxy - Burp suite (9:10)
Web application architecture - PDF
HTTP State Management Mechanism - RFC6265
DNSSEC - RFC 3008
Domain names concepts - RFC 1034
INFORMATION GATHERING - MAPPING THE APPLICATIONS
Fingerprinting web server (5:25)
DNS Analysis - Enumerating subdomains (3:53)
Metasploit for web application attacks (12:06)
Identifying Load Balancers
Web technologies analysis in real time (2:45)
Outdated web application to server takeover (7:35)
BruteForcing Web applications (5:57)
Shodan HQ (7:11)
Harvesting the data (5:02)
Finding link of target with Maltego CE (8:41)
CROSS-SITE SCRIPTING ATTACKS - XSS
Cross Site Scripting - XSS - PDF
Cross site scripting 101 (7:26)
Reflected XSS (13:43)
Persistent XSS (11:05)
DOM-based XSS (10:09)
Website defacement through XSS (9:22)
Generating XSS attack payloads (12:46)
XSS in PHP, ASP & JS Code review (13:23)
Cookie stealing through XSS (12:23)
Advanced XSS phishing attacks (7:37)
Advanced XSS with BeEF attacks (9:34)
Advanced XSS attacks with Burp suite (8:20)
SQL INJECTION ATTACKS - EXPLOITATIONS
SQL Injection attacks - PDF
Introduction to SQL Injection (16:20)
Dangers of SQL Injection (4:47)
Hunting for SQL Injection vulnerabilities (19:53)
In-band SQL Injection attacks (26:32)
Blind SQL Injection attack in-action (9:44)
Exploiting SQL injection - SQLMap (8:46)
Fuzzing for SQL Injection - Burp Intruder (13:41)
Drupalgeddon attack - Resources
CROSS SITE REQUEST FORGERY - XSRF
CSRF or XSRF attack methods (12:21)
Anti-CSRF Token methods (15:19)
Anti-CSRF token stealing-NOT easy (11:18)
CSRF Prevention
AUTHENTICATION & AUTHORIZATION ATTACKS
Authentication bypass - Hydra (11:02)
HTTP Verb Tampering (8:49)
HTTP parameter pollution - HPP (6:01)
Authentication Cheat Sheet - OWASP
CLIENT SIDE SECURITY TESTING
Client side control bypass (9:36)
WebSocket - RFC 6455
Cross window messaging - Resource
FILE RELATED VULNERABILITIES
LFI & RFI attacks (12:41)
Unrestricted file upload - content type (6:29)
Unrestricted file upload - extension type (5:30)
Remote code execution using Shell Uploads (9:14)
XML EXTERNAL ENTITY ATTACKS - XXE
XML Documents & database (13:38)
XXE attacks in action (13:52)
Out-of-band XXE - Resource
EXTERNAL RESOURCES FOR WEBSITE AUDITING
Website auditing - Wordpress
Defence-in-Depth applied to web applications